Hosts files and IP addresses.
The team at Refract DNS has, between us, worked for companies both large and small. We noticed that with every client we had the same problem, a large Windows hosts file that was hard to read and hard to use. The hosts file would eventually become a large mess of IP address, domain names and comments. There were often duplicates, and if anything changed it would mean a slow hunt through the file to perform updates.
It was also a challenge to find and identify which overrides were enabled or disabled, scanning for the '#' character was time consuming and not much fun.
We were also frustrating that the hosts file limited us to using fully qualified domain names and that it wasn't possible to take advantage of wildcard and CNAME records; both would allow us to easily simplify our hosts file.
Based on our experiences, we came up with the following aims for Refract DNS:
- Make it easier to find and enable/disable overrides.
- Remove the need to duplicate IP addresses and domain names.
- Create a system where turning one override on automatically disables any other active override.
- Group overrides for related service so we can enable or disable them together.
- Take advantage of wildcards to simplify and reduce the number of entries.
- Control overrides locally and independently of other users on the network.
At the same time we were also looking for a solution that allowed us to block tracking and advertising sites when browsing the internet. There are many good solutions already available that performed this task but each had their own problems.
We had been using browser add-ons but these had several problems. The first problem was having to install the add-on in every browser. This was time consuming and not every browser was supported. The second problem we had is that we may have blocked third party tracking sites but we had now give complete access to our browser to the add-on: something we REALLY did not want!
Another alternative we considered were third party apps that could be installed on our local system. Many of these tools control the blacklisted domains and not the user. Additionally some of these tools have started to act as gatekeepers and whitelisting certain domains. We wanted to control and own the list of domains that are blocked so that we remained in control.
The last alternative was an existing lightweight DNS server. Although a promising solution because it allowed us to manage and control the list of domains, it didn't solve all our problems. Firstly the local machines needs to be able to see the DNS server everywhere not just on our internal network. If our staff work from home they would still need to be able to reach the DNS server. This means having the DNS server publicly hosted and properly secured. The second and bigger problem was that from time to time we actually need to disable the blacklisting of domains. Normally we need to do this because we have to integrate with a third party system that we are blocking, for example an analytics or advertising system. With the DNS server solution we couldn't disable the blacklist with a single click and additionally if it was off for one person it was off for everyone which was less than ideal.
Therefore we created Refract DNS with the following aims:
- Provide the ability to blacklist domains individually and in bulk.
- The user maintains complete control over the domains that are blacklisted.
- Provide a mechanism to allow the users to easily turn on and off blacklisting as needed.
- Provide a solution that has no ability to see the data in the applications being used.
We still have lots of ideas about other features that we will add to Refract DNS in the future. The more we use the tool the more ideas we have and we are excited to share these with our users.
More importantly we want to hear your ideas and suggestions and welcome any feedback via our Support page.